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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1 . (Currently Amended) At a requesting computing system that is communicatively 
connectable to a providing computing system, the requesting computing system including 
requesting instructions that can attempt to interact with a providing application at the providing 
computing system, a method for providing information that can be used to verify measurable 
aspects of the requesting computing system, the method comprising: 

determining that the providing computing system is appropriately configured to 
issue challenges to components included in the requesting computing system; 

determining that the providing application is appropriately configured to issue 
challenges to the requesting instructions; 

receiving a challenge initiated by the providing application, the challenge 
including information indicating how the requesting computing system is to prove that 
the requesting computing system is appropriately configured to access a resource, the 
information comprising at least the identity of a region within a portion of executable 
instructions at the requesting computing system computed from a first random value and 
a second random value , the portion of executable instructions used to determine a 
measurable aspect of a configuration : 

formulating proof, based on a -the measurable aspect of the requesting computing 
system's configuration, that the measurable aspect of the requesting computing system's 
configuration is appropriate for accessing a resource; and 

submitting an assertion that can be used to verify that the requesting computing 
system is appropriately configured to access a resource. 

2. (Previously Presented) The method as recited in claim 1, wherein 
determining that the providing computing system is appropriately configured to issue challenges 
to components included in the requesting computing system comprises an act of establishing a 
Secure Sockets Layer (SSL) connection between the requesting computing system and the 
providing computer system. 
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3. (Original) The method as recited in claim 1, wherein the act of determining 
that the providing application is appropriately configured to issue challenges to the requesting 
instructions comprises receiving proof that the providing application complies with one or more 
security and trust policies of the requesting computing system. 

4. (Previously Presented) The method as recited in claim 1, wherein receiving 
a challenge that was initiated by the providing application comprises receiving a request for 
proof of the values of one or more measurable aspects of the requesting computer system. 

5. (Original) The method as recited in claim 1, wherein the submitted assertion 
includes the values of one or more measurable aspects of the requesting computer system. 

6. (Original) The method as recited in claim 1, wherein the submitted assertion 
indicates the identity of one or more portions of the requesting instructions. 

7. (Original) The method as recited in claim 1, wherein the act of submitted 
assertion indicates an execution environment of the requesting code. 
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8. (Currently Amended) At a providing computing system that is communicatively 
connectable to a requesting computing system, the providing computing system including a 
providing application that can attempt to interact with a requesting instructions at the requesting 
computing system, a method for verifying measurable aspects of the requesting computing 
system, the method comprising: 

proving that the providing computing system is appropriately configured to issue 
challenges to components of the requesting computing system; 

using a first random value and a second random value to identify one or more 
regions within a portion of instructions at the requesting computing system; 

causing a configuration challenge to be issued to the requesting instructions, the 
challenge including information indicating how the requesting computing system is to 
prove that the requesting computing system is appropriately configured to access a 
resource, the information comprising at least the identity of a region within a portion of 
executable instructions at the requesting computing system computed from a first random 
value and a second random valu e, the portion of executable instructions used to 
determine a measurable aspect of a configuration ; 

receiving an assertion that can be used to verify that the requesting instructions 
are configured appropriately for interacting with the providing application, the assertion 
including information based at least in part upon both a measurable aspect of the 
requesting system is configured and the information indicating how the requesting 
computing system is to prove that the requesting computing system is appropriately 
configured. 

9. (Previously Presented) The method as recited in claim 8, wherein the act of 
proving that the providing computing system is appropriately configured to issue challenges 
comprises an act of establishing a Secure Sockets Layer (SSL) connection between the providing 
computing system and the requesting computing system. 

10. (Original) The method as recited in claim 8, wherein the act of proving that 
the providing application is appropriately configured to issue challenges to the requesting 
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instructions comprises an act of sending proof that the providing application complies with one 
or more security and trust policies of the requesting computing system. 

11. (Previously Presented) The method as recited in claim 8, wherein causing 
a challenge to be issued to the requesting computing system comprises an act of requesting proof 
of the values of one or more measurable aspects of the requesting computer system. 

12. (Previously Presented) The method as recited in claim 8, wherein receiving 
an assertion comprises an act of receiving proof of the identity of one or more portions of the 
requesting instructions. 

13. (Previously Presented) The method as recited in claim 8, wherein 
receiving an assertion comprises an act of receiving proof of the values of one or more 
measurable aspects of an execution environment at the requesting computer system. 

14-20. (Cancelled). 
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21. (Currently Amended) At a requester that is communicatively connectable to a 
provider, a method for authorizing the requester to interact with the provider, the method 
comprising: 

sending a request to the provider; 

receiving a configuration challenge from the provider, the configuration 
challenge including information indicating how the requester is to prove that the 
requester is appropriately configured to interact with the provider; 

formulating proof, based on a measurable aspect of the requester's configuration, 
that the measurable aspect of the requesting computing system's configuration is 
appropriate for accessing a resource., the measurable aspect comprising at least a region 
within a portion of executable instructions and the measurable aspect comprising bvte 
values for at least some of the executable instructions : 

sending proof of the values of one or more measurable aspects of the requester to 
the provider; and 

receiving a token that can be used to prove that the requester is appropriately 
configured. 

22. (Original) The method as recited in claim 21, wherein the act sending a 
request to the provider comprises an act of sending a challenge along with the request, the 
challenge indicating how the provider is to prove that the provider is appropriately configured to 
issue configuration challenges to the requester. 

23. (Original) The method as recited in claim 21, wherein the act of receiving a 
configuration challenge from the provider comprises an act receiving a configuration challenge 
along with proof that the provider is appropriately configured to issue configuration challenges 
to the requester. 



Page 6 of 18 



Application No. 10/827,082 

Amendment "D" dated September 20, 2008 

Reply to Non-Final Office Action mailed June 20, 2008 

24. (Original) The method as recited in claim 21, wherein the act of sending 
proof of the values of one or more measurable aspects of the requester to the provider comprises 
an act of sending a challenge along with the proof of the values of one or more measurable 
aspects, the challenge indicating how the provider is to prove that the provider is appropriately 
configured to issue configuration challenges to the requester. 

25. (Original) The method as recited in claim 21, wherein an act of receiving a 
token comprises an act of receiving a token along with proof that the provider is appropriately 
configured to issue configuration challenges to the requester. 
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26. (Currently Amended) At a provider that is communicatively connectable to a 
requester, a method for authorizing the requester and the provider to interact with the provider, 
the method comprising: 

an act of receiving a request from the requester; 

an act of causing a configuration challenge to be issued to the requester, the 
configuration challenge requesting proof that the requester is appropriately configured to 
interact with the provider; 

an act of receiving proof of the values of one or more measurable aspects of the 
requester's configuration, the one or more measurable aspects comprising at least a 
region within a portion of executable instructions and the measurable aspects comprising 
byte values for at least some of the executable instructions ; and 

an act of sending a token that can subsequently be used to prove that the requester 
is appropriately configured. 

27. (Original) The method as recited in claim 26, wherein the an act of receiving a 
request comprises an act of receiving a challenge along with the request, the challenge requesting 
proof that the provider is appropriately configured to issue configuration challenges to the 
requester. 

28. (Original) The method as recited in claim 26, wherein the act of causing a 
configuration challenge to be issued to the requester comprises an act of sending a configuration 
challenge along with proof that the provider is appropriately configured to issue configuration 
challenges to the requester. 

29. (Original) The method as recited in claim 26, wherein the act of receiving proof 
of the values of one or more measurable aspects of the requester's configuration comprises an act 
of receiving a challenge along with the proof of the values of the one or more measurable 
aspects, the challenge requesting proof that the provider is appropriately configured to issue 
configuration challenges to the requester. 
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30. (Original) The method as recited in claim 26, wherein that act of sending a token 
comprises sending a token along with proof that the provider is appropriately configured to issue 
configuration challenges to the requester. 

31. (Cancelled). 
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32. (Previously Presented) A computer program product for use in a computing 
system having a requester that is communicatively connectable to a provider, the computer 
program product for implementing a method for authorizing the requester to interact with the 
provider, the computer program product comprising one or more computer-readable physical 
storage media having stored thereon computer-executable instructions that, when executed by a 
processor, cause the computing system to perform the method of claim 21. 



Page 10 of 18 



Application No. 10/827,082 

Amendment "D" dated September 20, 2008 

Reply to Non-Final Office Action mailed June 20, 2008 

33. (Previously Presented) A computer program product for use in a computing 
system having a provider that is communicatively connectable to a requester, the computer 
program product for implementing a method for authorizing the requester and the provider to 
interact with the provider, the computer program product comprising one or more computer- 
readable physical storage media having stored thereon computer-executable instructions that, 
when executed by a processed, cause the computing system to perform the method of claim 26. 
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